Note: Approved Charter is on the MACE-paccman website.

Charter:  MACE Privilege and Access Management Working Group (MACE-paccman)

MACE and the Internet2 Middleware Initiative focus on Identity and Access Management (IAM) infrastructure to support the needs of the global higher education and research communities and their partners.  This charter defines a working group devoted to the access management portion of the space.

As a topic, access management includes a wide range of concepts, terminology, and services.  As a discipline, access management is concerned with providing efficient and effective means for organizations and individuals to control access to computer-based resources, to ensure that resources are used in ways that comply with policy or otherwise meet organizational and individual goals.  Common terms in access management include authorization, roles, privileges, permissions, policy, groups, and attributes.  Access management is generally dependent on core identity management (users, accounts, identity assurance, etc.) and is closely related to other organizational and IT functions such as audit, risk assessment, application design, security, and physical access control.

Access management practice today is very diverse and less mature than other aspects of identity management.  Institutional infrastructure services, such as group and privilege management, even when they exist on a campus, are often not used by many applications.  Access management methods are rarely shared between institutions or across application areas.  Yet as more organizational and personal functions move online and the Internet environment grows more risky, the pressure to make access management more comprehensive, cost-effective, responsive, and policy-compliant increases.  Organizations of all kinds are launching access management initiatives and looking for common solutions, as shown by recent surveys.

The MACE-paccman Working Group provides a venue for tackling these issues.  Outcomes from the group may include:

The Working Group is guided by these principles:

The Working Group will operate under the terms of the Internet2 Intellectual Property Framework.

The Working Group will meet via conference calls and will interact via mailing list, collaboration space, and any other vehicles deemed useful and open.

The Working Group will operate indefinitely.  Assessments will be done approximately yearly to determine whether changes in structure or scope are necessary, and to confirm the continued utility of the group.